Abstract

Consider a network of n processes each of which has a d-dimensional vector of reals
as its input. Each process can communicate directly with all the processes in the system;
thus the communication network is a complete graph. All the communication channels
are reliable and FIFO (first-in-first-out). The problem of Byzantine vector consensus
(BVC) requires agreement on a d-dimensional vector that is in the convex hull of the
d-dimensional input vectors at the non-faulty processes. We obtain the following results
for Byzantine vector consensus in complete graphs while tolerating up to f Byzantine
failures:

• We prove that in a synchronous system, $n \ge \max(3f + 1, (d+1)f + 1)$ is necessary
and sufficient for achieving Byzantine vector consensus.

• In an asynchronous system, it is known that exact consensus is impossible in presence
of faulty processes. For an asynchronous system, we prove that $n \ge (d+2)f + 1$
is necessary and sufficient to achieve approximate Byzantine vector consensus.

Our sufficiency proofs are constructive. We show sufficiency by providing explicit
algorithms that solve exact BVC in synchronous systems, and approximate BVC in
asynchronous systems.

We also obtain tight bounds on the number of processes for achieving BVC using
algorithms that are restricted to a simpler communication pattern.
1 Introduction

This paper addresses Byzantine vector consensus (BVC), wherein the input at each process is a
d-dimensional vector of reals, and each process is expected to decide on a decision vector that is in
the convex hull of the input vectors at the non-faulty processes. The system consists of n processes
in $\mathcal{P} = \{p_1, p_2, \ldots, p_n\}$. We assume $n > 1$, since consensus is trivial for $n = 1$. At most f processes
may be Byzantine faulty, and may behave arbitrarily [12]. All processes can communicate with each
other directly on reliable FIFO (first-in first-out) channels. Thus, the communication network is a
complete graph. The input vector at each process may also be viewed as a point in the d-dimensional
Euclidean space $\mathbb{R}^d$, where $d > 0$ is a finite integer. Due to this correspondence, we use the terms
point and vector interchangeably. Similarly, we interchangeably refer to the d elements of a vector
as coordinates. We consider two versions of the Byzantine vector consensus (BVC) problem, Exact
BVC and Approximate BVC.

Exact BVC: Exact Byzantine vector consensus must satisfy the following three conditions. 

• Agreement: The decision (or output) vector at all the non-faulty processes must be identical. 

• Validity: The decision vector at each non-faulty process must be in the convex hull of the
input vectors at the non-faulty processes.

• Termination: Each non-faulty process must terminate after a finite amount of time. 

The traditional consensus problem [13], [10] is obtained when $d = 1$; we refer to this as scalar
consensus. $n \ge 3f + 1$ is known to be necessary and sufficient for achieving Byzantine scalar
consensus in complete graphs [12], [13]. We observe that simply performing scalar consensus on
each dimension of the input vectors independently does not solve the vector consensus problem.
In particular, even if the validity condition for scalar consensus is satisfied for each dimension of the
vector separately, the above validity condition of vector consensus may not necessarily be satisfied.
For instance, suppose that there are four processes, with one faulty process. Processes $p_1$, $p_2$ and
$p_3$ are non-faulty, and have the following 3-dimensional input vectors, respectively:
$\mathbf{x}_1 = [\frac{2}{3}, \frac{1}{6}, \frac{1}{6}]$, $\mathbf{x}_2 = [\frac{1}{6}, \frac{2}{3}, \frac{1}{6}]$, $\mathbf{x}_3 = [\frac{1}{6}, \frac{1}{6}, \frac{2}{3}]$.
Process $p_4$ is faulty. If we perform Byzantine scalar consensus on each
dimension of the vector separately, then the processes may possibly agree on the decision vector
$[\frac{1}{6}, \frac{1}{6}, \frac{1}{6}]$, each element of which satisfies the scalar validity condition along each dimension separately;
however, this decision vector does not satisfy the validity condition for BVC because it is not in the
convex hull of the input vectors of non-faulty processes. In this example, since every non-faulty process
has a probability vector as its input vector, the BVC validity condition requires that the decision
vector should also be a probability vector. In general, for many optimization problems [1], the set
of feasible solutions is a convex set in Euclidean space. Assuming that every non-faulty process
proposes a feasible solution, BVC guarantees that the vector decided is also a feasible solution.
Using scalar consensus along each dimension is not sufficient to provide this guarantee.

Approximate BVC: In an asynchronous system, processes may take steps at arbitrary relative
speeds, and there is no fixed upper bound on message delays. Fischer, Lynch and Paterson [9]
proved that exact consensus is impossible in asynchronous systems in the presence of even a single
crash failure. As a way to circumvent this impossibility result, Dolev et al. [5] introduced the notion
of approximate consensus, and proved the correctness of an algorithm for approximate Byzantine
scalar consensus in asynchronous systems when $n \ge 5f + 1$. Subsequently, Abraham, Amit and
Dolev [1] established that approximate Byzantine scalar consensus is possible in asynchronous
systems if $n \ge 3f + 1$. Other algorithms for approximate consensus have also been proposed (e.g.,
[3], [8]). We extend the notion of approximate consensus to vector consensus. Approximate BVC
must satisfy the following conditions:

• $\epsilon$-Agreement: For $1 \le l \le d$, the $l$-th elements of the decision vectors at any two non-faulty
processes must be within $\epsilon$ of each other, where $\epsilon > 0$ is a pre-defined constant.

• Validity: The decision vector at each non-faulty process must be in the convex hull of the
input vectors at the non-faulty processes.

• Termination: Each non-faulty process must terminate after a finite amount of time.

The main contribution of this paper is to establish the following bounds for complete graphs.

• In a synchronous system, $n \ge \max(3f + 1, (d+1)f + 1)$ is necessary and sufficient for Exact
BVC in presence of up to f Byzantine faulty processes. (Theorems 1 and 3.)

• In an asynchronous system, $n \ge (d + 2)f + 1$ is necessary and sufficient for Approximate BVC
in presence of up to f Byzantine faulty processes. (Theorems 4 and 5.)

Observe that the two bounds above are different when $d > 1$, unlike the case of $d = 1$ (i.e., scalar
consensus). When $d = 1$, in a complete graph, $3f + 1$ processes are sufficient for exact consensus
in synchronous systems, as well as approximate consensus in asynchronous systems [1]. For $d > 1$,
the lower bound for asynchronous systems is larger by f compared to the bound for synchronous
systems.

In prior literature, the term vector consensus has also been used to refer to another form of
consensus, wherein the input at each process is a scalar, but the agreement is on a vector containing
these scalars [3], [16]. Thus, our results are for a different notion of consensus.

Simpler (Restricted) Algorithm Structure 

In prior literature, iterative algorithms with very simple structure have been proposed to achieve
approximate consensus, including asynchronous approximate Byzantine scalar consensus [5] in
complete graphs, and synchronous as well as asynchronous approximate Byzantine consensus in
incomplete graphs [18]. Section 4 extends these simple structures to vector consensus in complete graphs,
and obtains the following tight bounds: (i) $n \ge (d + 2)f + 1$ for synchronous systems, and (ii)
$n \ge (d + 4)f + 1$ for asynchronous systems. Observe that the bound for the simple iterative
algorithms in asynchronous systems is larger by $2f$ when compared to the bound stated earlier: this
is the cost of restricting the algorithm structure. This $2f$ gap is analogous to that between the
sufficient condition of $n \ge 3f + 1$ for asynchronous scalar consensus proved by Abraham, Amit and
Dolev [1], and the sufficient condition of $n \ge 5f + 1$ demonstrated by Dolev et al. [5] using a simpler
algorithm.

Our Notations 

Many notations introduced throughout the paper are also summarized in Appendix A. We use
operator $|\cdot|$ to obtain the size of a multiset or a set. We use operator $\|\cdot\|$ to obtain the absolute
value of a scalar.






2 Synchronous Systems 



In this section, we derive necessary and sufficient conditions for exact BVC in a synchronous system
with up to f faulty processes. The discussion in the rest of this paper assumes that the network is
a complete graph, even if this is not stated explicitly in all the results.

2.1 Necessary Condition for Exact BVC 

Theorem 1 $n \ge \max(3f + 1, (d+1)f + 1)$ is necessary for Exact BVC in a synchronous system.

Proof: From [12], [13], we know that, for $d = 1$ (i.e., scalar consensus), $n \ge 3f + 1$ is a necessary
condition for achieving exact Byzantine consensus in presence of up to f faults. If we were to
restrict the d-dimensional input vectors to have identical d elements, then the problem of vector
consensus reduces to scalar consensus. Therefore, $n \ge 3f + 1$ is also a necessary condition for Exact
BVC for arbitrary d. Now we prove that $n \ge (d + 1)f + 1$ is also a necessary condition.

First consider the case when $f = 1$, i.e., at most one process may be faulty. Since none of
the non-faulty processes know which process, if any, is faulty, as elaborated in Appendix C, the
decision vector must be in the convex hull of each multiset containing the input vectors of $n - 1$
of the processes (there are n such multisets).^1 Thus, this intersection must be non-empty, for all
possible input vectors at the n processes. (Appendix C provides further clarification.) We now
show that the intersection may be empty when $n = d + 1$; thus, $n = d + 1$ is not sufficient for $f = 1$.

Suppose that $n = d + 1$. Consider the following set of input vectors. The input vector of process
$p_i$, where $1 \le i \le d$, is a vector whose $i$-th element is 1, and the remaining elements are 0. The
input vector at process $p_{d+1}$ is the all-0 vector (i.e., the vector with all elements 0). Note that the
d input vectors at $p_1, \ldots, p_d$ form the standard basis for the d-dimensional vector space. Also, none
of the $d + 1$ input vectors can be represented as a convex combination of the remaining d input
vectors. For $1 \le i \le d + 1$, let $Q_i$ denote the convex hull of the inputs at the $n - 1 = d$ processes
in $\mathcal{P} - \{p_i\}$. We now argue that $\bigcap_{i=1}^{d+1} Q_i$ is empty.

For $1 \le i \le d$, observe that for all the points in $Q_i$, the $i$-th coordinate is 0. Thus, any point
that belongs to the intersection $\bigcap_{i=1}^{d} Q_i$ must have all its coordinates 0. That is, only the all-0
vector belongs to $\bigcap_{i=1}^{d} Q_i$. Now consider $Q_{d+1}$, which is the convex hull of the inputs at the first d
processes. Due to the choice of the inputs at the first d processes, the origin (i.e., the all-0 vector)
does not belong to $Q_{d+1}$. From the earlier observation on $\bigcap_{i=1}^{d} Q_i$, it then follows that $\bigcap_{i=1}^{d+1} Q_i = \emptyset$.
Therefore, the Exact BVC problem for $f = 1$ cannot be solved with $n = d + 1$. Thus, $n = d + 1$ is
not sufficient. It should be easy to see that $n < d + 1$ is also not sufficient. Thus, $n \ge d + 2$ is a
necessary condition for $f = 1$.

Now consider the case of $f > 1$. Using the commonly used simulation approach [12], we
can prove that $(d + 1)f$ processes are not sufficient. In this approach, f simulated processes are
implemented by a single process. If a correct algorithm were to exist for tolerating f faults among
$(d + 1)f$ processes, then we can obtain a correct algorithm to tolerate a single failure among $d + 1$
processes, contradicting our result above. Thus, $n \ge (d + 1)f + 1$ is necessary for $f > 1$. (For
$f = 0$, the necessary condition holds trivially.) □

^1 Since the state of two processes may be identical, we use a multiset to represent the collection of the states of a
subset of processes. Appendix B elaborates on the notion of multisets.
2.2 Sufficient Condition for Exact BVC

We now present an algorithm for Exact BVC in a synchronous system, and prove its correctness in
a complete graph with $n \ge \max(3f + 1, (d + 1)f + 1)$. The algorithm uses function $\Gamma(Y)$ defined
below, where Y is a multiset of points. $\mathcal{H}(T)$ denotes the convex hull of a multiset T.

$$\Gamma(Y) = \bigcap_{T \subseteq Y,\ |T| = |Y| - f} \mathcal{H}(T) \tag{1}$$

The intersection above is over the convex hulls of all subsets of Y of size $|Y| - f$.

Exact BVC algorithm for $n \ge \max(3f + 1, (d + 1)f + 1)$:

1. Each process uses a scalar Byzantine broadcast algorithm (such as [12], [6]) to broadcast each
element of its input vector to all the other processes (each element is a scalar). The Byzantine
broadcast algorithm allows a designated sender to broadcast a scalar value to the other
processes, while satisfying the following properties when $n \ge 3f + 1$: (i) all the non-faulty
processes decide on an identical scalar value, and (ii) if the sender is non-faulty, then the value
decided by the non-faulty processes is the sender's proposed (scalar) value. Thus, non-faulty
processes can agree on the d elements of the input vector at each of the n processes.

At the end of this step, each non-faulty process would have received an identical multiset
S containing n vectors, such that the vector corresponding to each non-faulty process is
identical to the input vector at that process.

2. Each process chooses as its decision vector a point in $\Gamma(S)$; all non-faulty processes choose the
point identically using a deterministic function. We will soon show that $\Gamma(S)$ is non-empty.

We now prove that the above algorithm is correct. Later, we show how the decision vector can
be found in Step 2 using linear programming. The proof of correctness of the above algorithm uses
the following celebrated theorem by Tverberg [17]:

Theorem 2 (Tverberg's Theorem [17]) For any integer $f \ge 1$, and for every multiset Y
containing at least $(d + 1)f + 1$ points in $\mathbb{R}^d$, there exists a partition $Y_1, \ldots, Y_{f+1}$ of Y into $f + 1$
non-empty multisets such that $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l) \ne \emptyset$.

The points in multiset Y above are not necessarily distinct [17]; thus, the same point may occur
multiple times in Y. (Appendix B elaborates on the notion of multisets, and multiset partition.)
The partition in Theorem 2 is called a Tverberg partition, and the points in $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l)$ in Theorem
2 are called Tverberg points. Appendix D provides an illustration of a Tverberg partition for points
in 2-dimensional space.

The lemma below is used to prove the correctness of the above algorithm, as well as the algorithm
presented later in Section 3.

Lemma 1 For any multiset Y containing at least $(d + 1)f + 1$ points in $\mathbb{R}^d$, $\Gamma(Y) \ne \emptyset$.

Proof: Consider a Tverberg partition of Y into $f + 1$ non-empty subsets $Y_1, \ldots, Y_{f+1}$, such that
the set of Tverberg points $\bigcap_{i=1}^{f+1} \mathcal{H}(Y_i) \ne \emptyset$. Since $|Y| \ge (d + 1)f + 1$, by Theorem 2 such a partition
exists. By (1) we have

$$\Gamma(Y) = \bigcap_{T \subseteq Y,\ |T| = |Y| - f} \mathcal{H}(T) \tag{2}$$

Consider any T in (2). Since $|T| = |Y| - f$ and there are $f + 1$ subsets in the Tverberg partition
of Y, T excludes elements from at most f of these subsets. Thus, T contains at least one subset
from the partition. Therefore, for each T, $\bigcap_{i=1}^{f+1} \mathcal{H}(Y_i) \subseteq \mathcal{H}(T)$. Hence, from (2), it follows that
$\bigcap_{i=1}^{f+1} \mathcal{H}(Y_i) \subseteq \Gamma(Y)$. Also, because $\bigcap_{i=1}^{f+1} \mathcal{H}(Y_i) \ne \emptyset$, it now follows that $\Gamma(Y) \ne \emptyset$. □

We can now prove the correctness of our Exact BVC algorithm.

Theorem 3 $n \ge \max(3f + 1, (d + 1)f + 1)$ is sufficient for achieving Exact BVC in a synchronous
system.

Proof: We prove that the above Exact BVC algorithm is correct when $n \ge \max(3f + 1, (d + 1)f + 1)$.
The termination condition holds because the Byzantine broadcast algorithm used in Step 1
terminates in finite time. Since $|S| = n \ge (d + 1)f + 1$, by Lemma 1, $\Gamma(S) \ne \emptyset$. By (1) we have

$$\Gamma(S) = \bigcap_{T \subseteq S,\ |T| = |S| - f} \mathcal{H}(T) \tag{3}$$

At least one of the multisets T in (3), say $T^*$, must contain the inputs of only non-faulty processes,
because $|T| = |S| - f = n - f$, and there are at most f faulty processes. By definition of $\Gamma(S)$,
$\Gamma(S) \subseteq \mathcal{H}(T^*)$. Then, from the definition of $T^*$, and the fact that the decision vector is chosen
from $\Gamma(S)$, the validity condition follows.

Agreement condition holds because all the non-faulty processes have identical S, and pick as
their decision vector a point in $\Gamma(S)$ using a deterministic function in Step 2. □

We now show how Step 2 of the Exact BVC algorithm can be implemented using linear
programming. The input to the linear program is $S = \{\mathbf{s}_i : 1 \le i \le n\}$, a multiset of d-dimensional
vectors. Our goal is to find a vector $\mathbf{z} \in \Gamma(S)$; or equivalently, find a vector $\mathbf{z}$ that can be expressed
as a convex combination of vectors in T for all choices $T \subseteq S$ such that $|T| = n - f$. The linear
program uses the following $d + \binom{n}{n-f}(n - f)$ variables.

• $z_1, \ldots, z_d$: variables for the d elements of vector $\mathbf{z}$.

• $\alpha_{T,i}$: coefficients such that $\mathbf{z}$ can be written as a convex combination of vectors in T. We
include here only those $n - f$ indices $i$ for which $\mathbf{s}_i \in T$.

For every T, the linear constraints are as follows.

• $\mathbf{z} = \sum_{\mathbf{s}_i \in T} \alpha_{T,i}\, \mathbf{s}_i$ ($\mathbf{z}$ is a linear combination of $\mathbf{s}_i \in T$)

• $\sum_{\mathbf{s}_i \in T} \alpha_{T,i} = 1$ (The sum of all coefficients for a particular T is 1)

• $\alpha_{T,i} \ge 0$ for all $\mathbf{s}_i \in T$.

For every T, we get $d + 1 + n - f$ linear constraints, yielding a total of $\binom{n}{n-f}(d + 1 + n - f)$ constraints
in $d + \binom{n}{n-f}(n - f)$ variables. Hence, for any fixed f, a point in $\Gamma(S)$ can be found in polynomial
time by solving a linear program with the number of variables and constraints that are polynomial
in n and d (but not in f). However, when f grows with n, the computational complexity is high.

We note here that the above Exact BVC algorithm remains correct if the non-faulty processes
identically choose any point in $\Gamma(S)$ as the decision vector. In particular, as seen in the proof of
Lemma 1, all the Tverberg points are contained in $\Gamma(S)$; therefore, one of the Tverberg points
for multiset S may be chosen as the decision vector. It turns out that, for arbitrary d, currently
there is no known algorithm with polynomial complexity to compute a Tverberg point for a given
multiset [2], [14], [15]. However, in some restricted cases, efficient algorithms are known (e.g., [11]).
3 Asynchronous Systems



We develop a tight necessary and sufficient condition for approximate asynchronous BVC. 

3.1 Necessary Condition for Approximate Asynchronous BVC 

Theorem 4 $n \ge (d + 2)f + 1$ is necessary for approximate BVC in an asynchronous system.

Proof: We first consider the case of $f = 1$. Suppose that a correct algorithm exists for $n = d + 2$.
Denote by $\mathbf{x}_k$ the input vector at each process $p_k$. Now consider a process $p_i$, where $1 \le i \le d + 1$.
Since a correct algorithm must tolerate one failure, process $p_i$ must terminate in all executions in
which process $p_{d+2}$ does not take any steps. Suppose that all the processes are non-faulty, but
process $p_{d+2}$ does not take any steps until all the other processes terminate. At the time when
process $p_i$ terminates ($1 \le i \le d + 1$), it cannot distinguish between the following $d + 1$ scenarios:

• Process $p_{d+2}$ has crashed: In this case, to satisfy the validity condition, the decision of process
$p_i$ must be in the convex hull of the inputs of processes $p_1, p_2, \ldots, p_{d+1}$. That is, the decision
vector must be in the convex hull of $X_i^{d+2}$ defined below.

$$X_i^{d+2} = \{\mathbf{x}_k : 1 \le k \le d + 1\} \tag{4}$$

$\mathbf{x}_{d+2}$ is not included above, because until process $p_i$ terminates, $p_{d+2}$ does not take any steps
(so $p_i$ cannot learn any information about $\mathbf{x}_{d+2}$).

• Process $p_j$ ($j \ne i$, $1 \le j \le d + 1$) is faulty, and process $p_{d+2}$ is slow, and hence $p_{d+2}$ has not
taken any steps yet: Recall that we are considering $p_i$ at the time when it terminates. Since
process $p_{d+2}$ has not taken any steps yet, process $p_i$ cannot have any information about the
input at $p_{d+2}$. Also, in this scenario $p_j$ may be faulty, therefore, process $p_i$ cannot trust the
correctness of the input at $p_j$. Thus, to satisfy the validity condition, the decision of process
$p_i$ must be in the convex hull of $X_i^j$ defined below.

$$X_i^j = \{\mathbf{x}_k : k \ne j \text{ and } 1 \le k \le d + 1\} \tag{5}$$

The decision vector of process $p_i$ must be valid independent of which of the above $d + 1$ scenarios
actually occurred. Therefore, observing that $\mathcal{H}(X_i^{d+2}) \supseteq \mathcal{H}(X_i^j)$, where $j \ne i$, we conclude that
the decision vector must be in

$$\bigcap_{j \ne i,\ 1 \le j \le d+1} \mathcal{H}(X_i^j) \tag{6}$$

Recall that $\epsilon > 0$ is the parameter of the $\epsilon$-agreement condition in Section 1. For $1 \le i \le d$, suppose
that the $i$-th element of input vector $\mathbf{x}_i$ is $4\epsilon$, and the remaining $d - 1$ elements are 0. Also suppose
that $\mathbf{x}_{d+1}$ and $\mathbf{x}_{d+2}$ are both equal to the all-0 vector.

Let us consider process $p_{d+1}$. In this case, $\mathcal{H}(X_{d+1}^j)$ for $j \le d$ only contains vectors whose $j$-th
element is 0. Thus, the intersection of all the convex hulls in (6) only contains the all-0 vector,
which, in fact, equals $\mathbf{x}_{d+1}$. Thus, the decision vector of process $p_{d+1}$ must be equal to $\mathbf{x}_{d+1}$. We
can similarly show that for each $p_i$, $1 \le i \le d + 1$, the intersection in (6) only contains vector $\mathbf{x}_i$,
and therefore, the decision vector of process $p_i$ must be equal to its input $\mathbf{x}_i$. The input vectors
at each pair of processes in $p_1, \ldots, p_{d+1}$ differ by $4\epsilon$ in at least one element. This implies that the
$\epsilon$-agreement condition is not satisfied. Therefore, $n = d + 2$ is not sufficient for $f = 1$. It should be
easy to see that $n < d + 2$ is also not sufficient.

For the case when $f > 1$, by using a simulation similar to the proof of Theorem 1, we can now
show that $n \le (d + 2)f$ is not sufficient. Thus, $n \ge (d + 2)f + 1$ is necessary for $f > 1$. (For $f = 0$,
the necessary condition holds trivially.) □



3.2 Sufficient Condition for Approximate Asynchronous BVC 

We will prove that $n \ge (d + 2)f + 1$ is sufficient by proving the correctness of an algorithm presented
in this section. The proposed algorithm executes in asynchronous rounds. Each process $p_i$ maintains
a local state $\mathbf{v}_i$, which is a d-dimensional vector. We will refer to the value of $\mathbf{v}_i$ at the end of the
$t$-th round performed by process $p_i$ as $\mathbf{v}_i[t]$. Thus, $\mathbf{v}_i[t - 1]$ is the value of $\mathbf{v}_i$ at the start of the
$t$-th round of process $p_i$. The initial value of $\mathbf{v}_i$, namely $\mathbf{v}_i[0]$, is equal to $p_i$'s input vector, denoted
as $\mathbf{x}_i$. The messages sent by each process anytime during its $t$-th round are tagged by the round
number $t$. This allows a process $p_i$ in its round $t$ to determine, despite the asynchrony, whether a
message received from another process $p_j$ was sent by $p_j$ in $p_j$'s round $t$.

The proposed algorithm is obtained by suitably modifying a scalar consensus algorithm
presented by Abraham, Amit and Dolev [1] to achieve asynchronous approximate Byzantine scalar
consensus among $3f + 1$ processes. We will refer to the algorithm in [1] as the AAD algorithm.
We first present a brief overview of the AAD algorithm, and describe its properties. We adopt
our notation above when describing the AAD algorithm (the notation differs from [1]). One key
difference is that, in our proposed algorithm $\mathbf{v}_i[t]$ is a vector, whereas in the AAD description below,
it is considered a scalar. The AAD algorithm may be viewed as consisting of three components:

1. AAD component #1: In each round $t$, the AAD algorithm requires each process to communicate
its state $\mathbf{v}_i[t - 1]$ to other processes using a mechanism that achieves the properties
described next. AAD ensures that each non-faulty process $p_i$ in its round $t$ obtains a set $B_i[t]$
containing at least $n - f$ tuples of the form $(p_j, \mathbf{w}_j, t)$, such that the following properties hold:

• (Property 1) For any two non-faulty processes $p_i$ and $p_j$:

$$|B_i[t] \cap B_j[t]| \ge n - f \tag{7}$$

That is, $p_i$ and $p_j$ learn at least $n - f$ identical tuples.

• (Property 2) If $(p_l, \mathbf{w}_l, t)$ and $(p_k, \mathbf{w}_k, t)$ are both in $B_i[t]$, then $p_l \ne p_k$. That is, $B_i[t]$
contains at most one tuple for each process.

• (Property 3) If $p_k$ is non-faulty, and $(p_k, \mathbf{w}_k, t) \in B_i[t]$, then $\mathbf{w}_k = \mathbf{v}_k[t - 1]$. That is, for
any non-faulty process $p_k$, $B_i[t]$ may only contain the tuple $(p_k, \mathbf{v}_k[t - 1], t)$. (However,
it is possible that, corresponding to some non-faulty process, $B_i[t]$ does not contain a
tuple at all.)

2. AAD component #2: Process $p_i$, having obtained set $B_i[t]$ above, computes its new state $\mathbf{v}_i[t]$
as a function of the tuples in $B_i[t]$. The primary difference between our proposed algorithm
and AAD is in this step. The computation of $\mathbf{v}_i[t]$ in AAD is designed to be correct for scalar
inputs (and scalar decision), whereas our approach applies to d-dimensional vectors.

3. AAD component #3: AAD also includes a sub-algorithm that allows the non-faulty processes
to determine when to terminate their computation. Initially, the processes cooperate to
estimate a quantity $\delta$ as a function of the input values at various processes. Different
non-faulty processes may estimate different values for $\delta$, since the estimate is affected by the
behavior of faulty processes and message delays. Each process then uses $1 + \lceil \log_2 \frac{\delta}{\epsilon} \rceil$ as the
threshold on the minimum number of rounds necessary for the non-faulty processes to converge
within $\epsilon$ of each other. The base of the logarithm above is 2, because the range of the values
at the non-faulty processes is shown to shrink by a factor of $\frac{1}{2}$ after each asynchronous round
of AAD [1]. Subsequently, when the processes reach respective thresholds on the rounds, they
exchange additional messages. After an adequate number of processes announce that they
have reached their threshold, all the non-faulty processes may terminate.

It turns out that Properties 1, 2 and 3 hold even if Component #1 of AAD is used with
$\mathbf{v}_i[t]$ as a vector. We exploit these properties in our algorithm below. The proposed algorithm
below uses a function $\Phi$, which takes a set, say set B, containing tuples of the form $(p_k, \mathbf{w}_k, t)$, and
returns a multiset containing the points (i.e., $\mathbf{w}_k$). Formally,

$$\Phi(B) = \{\mathbf{w}_k : (p_k, \mathbf{w}_k, t) \in B\} \tag{8}$$

A mechanism similar to that in AAD may potentially be used to achieve termination for the
approximate BVC algorithm below as well. The main difference from AAD would be in the manner
in which the threshold on the number of rounds necessary is computed. However, for brevity, we
simplify our algorithm by assuming that there exists an upper bound $U$ and a lower bound $\nu$ on the
values of the d elements in the input vectors at non-faulty processes, and that these bounds are
known a priori. Thus, all the elements in each input vector will be $\le U$ and $\ge \nu$. This assumption
holds in many practical systems, because the input vector elements represent quantities that are
constrained. For instance, if the input vectors are probability vectors, then $U = 1$ and $\nu = 0$. If
the input vectors represent locations in 3-dimensional space occupied by mobile robots, then $U$
and $\nu$ are determined by the boundary of the region in which the robots are allowed to operate.
The advantage of the AAD-like solution over our simple approach is that, depending on the actual
inputs, the algorithm may potentially terminate sooner, and the AAD mechanism prevents faulty
processes from causing the non-faulty processes to run longer than necessary. However, the simple
static approach for termination presently suffices to prove the correctness of our approximate BVC
algorithm, as shown later.

Asynchronous Approximate BVC algorithm for $n \ge (d + 2)f + 1$:

1. In the $t$-th round, each non-faulty process uses the mechanism in Component #1 of the AAD
algorithm to obtain a set $B_i[t]$ containing at least $n - f$ tuples, such that $B_i[t]$ satisfies
Properties 1, 2, and 3 described earlier for AAD. While these properties were proved in [1]
for scalar states, the correctness of the properties also holds when $\mathbf{v}_i$ is a vector.

2. In the $t$-th round, after obtaining set $B_i[t]$, process $p_i$ computes its new state $\mathbf{v}_i[t]$ as follows.
Form a multiset $Z_i$ using the steps below:

• Initialize $Z_i$ as empty.

• For each $C \subseteq B_i[t]$ such that $|C| = n - f \ge (d + 1)f + 1$, add to $Z_i$ one deterministically
chosen point from $\Gamma(\Phi(C))$. Since $|\Phi(C)| = |C| \ge (d + 1)f + 1$, by Lemma 1, $\Gamma(\Phi(C))$
is non-empty.

Note that $|Z_i| = \binom{|B_i[t]|}{n-f} \le \binom{n}{n-f}$. Calculate

$$\mathbf{v}_i[t] = \frac{\sum_{\mathbf{z} \in Z_i} \mathbf{z}}{|Z_i|} \tag{9}$$

3. Each non-faulty process terminates after $1 + \lceil \log_{1/(1-\gamma)} \frac{U - \nu}{\epsilon} \rceil$ rounds, where $\gamma$ ($0 < \gamma < 1$) is
a constant defined later in (11). Recall that $\epsilon$ is the parameter of the $\epsilon$-agreement condition.

In Step 2 above, we consider subsets C of $B_i[t]$, each subset being of size $n - f$. As
elaborated in Appendix F, it is possible to reduce the number of subsets explored to just $n - f$.
This optimization will reduce the computational complexity of Step 2, but it is not necessary for
correctness of the algorithm.
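Step 2 of both algorithms needs a point of Γ(·). The sketch below is an added example, not the authors' code: it finds such a point with the linear program of Section 2.2, solved by an exact-rational phase-1 simplex, and uses it for the state update (9). Function names and sample inputs are constructed here, and AAD Component #1 is assumed to have already delivered the received states.

```python
from fractions import Fraction
from itertools import combinations


def feasible_point(A, b):
    """Phase-1 simplex (Bland's rule, exact rationals): x >= 0 with A x = b, or None."""
    m, n = len(A), len(A[0])
    tab = []
    for i in range(m):
        sign = -1 if b[i] < 0 else 1              # make every right-hand side >= 0
        row = [Fraction(sign * v) for v in A[i]]
        row += [Fraction(int(i == k)) for k in range(m)]   # one artificial per row
        tab.append(row + [Fraction(sign * b[i])])
    basis = list(range(n, n + m))                 # start from the artificial basis
    # Reduced costs for "minimise the sum of artificials"; obj[-1] is -objective.
    obj = [(1 if n <= j < n + m else 0) - sum(tab[i][j] for i in range(m))
           for j in range(n + m + 1)]
    while True:
        enter = next((j for j in range(n + m) if obj[j] < 0), None)
        if enter is None:
            break
        # Ratio test; ties go to the smallest basic index (Bland's rule).
        _, _, r = min((tab[i][-1] / tab[i][enter], basis[i], i)
                      for i in range(m) if tab[i][enter] > 0)
        piv = tab[r][enter]
        tab[r] = [v / piv for v in tab[r]]
        for i in range(m):
            if i != r and tab[i][enter] != 0:
                fac = tab[i][enter]
                tab[i] = [a - fac * p for a, p in zip(tab[i], tab[r])]
        fac = obj[enter]
        obj = [a - fac * p for a, p in zip(obj, tab[r])]
        basis[r] = enter
    if obj[-1] != 0:                              # some artificial stays positive
        return None
    x = [Fraction(0)] * n
    for i, j in enumerate(basis):
        if j < n:
            x[j] = tab[i][-1]
    return x


def in_hull(z, pts):
    """True iff z is a convex combination of pts."""
    A = [[Fraction(p[l]) for p in pts] for l in range(len(z))] + [[1] * len(pts)]
    return feasible_point(A, list(z) + [1]) is not None


def gamma_point(S, f):
    """A point of Gamma(S): in H(T) for every T in S with |T| = |S| - f, or None."""
    n, d, k = len(S), len(S[0]), len(S) - f
    lo = [min(Fraction(s[l]) for s in S) for l in range(d)]
    P = [[Fraction(s[l]) - lo[l] for l in range(d)] for s in S]  # shift: z - lo >= 0
    subsets = list(combinations(range(n), k))
    nvars = d + len(subsets) * k                  # z_1..z_d, then alpha_{T,i}
    A, b = [], []
    for t, T in enumerate(subsets):
        base = d + t * k
        for l in range(d):                        # sum_i alpha_{T,i} s_i[l] - z_l = 0
            row = [0] * nvars
            row[l] = -1
            for j, i in enumerate(T):
                row[base + j] = P[i][l]
            A.append(row)
            b.append(0)
        A.append([0] * base + [1] * k + [0] * (nvars - base - k))  # sum alpha = 1
        b.append(1)
    x = feasible_point(A, b)
    return None if x is None else [x[l] + lo[l] for l in range(d)]


def async_round(B, n, f):
    """Update (9): average one point of Gamma(C) over every C in B with |C| = n - f."""
    Z = [gamma_point(list(C), f) for C in combinations(B, n - f)]
    return [sum(z[l] for z in Z) / len(Z) for l in range(len(B[0]))]


# Constructed sample inputs.
F = Fraction
X_INTRO = [(F(2, 3), F(1, 6), F(1, 6)), (F(1, 6), F(2, 3), F(1, 6)),
           (F(1, 6), F(1, 6), F(2, 3))]           # probability vectors, d = 3
PER_COORDINATE = (F(1, 6), F(1, 6), F(1, 6))      # valid per coordinate, not in hull
S_ENOUGH = [(0, 0), (4, 0), (0, 4), (1, 1)]       # d = 2, f = 1, n = 4 = (d+1)f + 1
S_TOO_FEW = [(1, 0), (0, 1), (0, 0)]              # d = 2, f = 1, n = d + 1

if __name__ == "__main__":
    print("per-coordinate decision in hull:", in_hull(PER_COORDINATE, X_INTRO))
    print("Gamma point, n = 4:", gamma_point(S_ENOUGH, 1))
    print("Gamma point, n = 3:", gamma_point(S_TOO_FEW, 1))
    print("async state, d = 1:", async_round([[0], [1], [10], [4]], 4, 1))
```

The number of hulls intersected is the binomial coefficient from the text, so this brute-force form is only practical for small f.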

Theorem 5 $n \ge (d + 2)f + 1$ is sufficient for approximate BVC in an asynchronous system.

Proof: Without loss of generality, suppose that m processes $p_1, p_2, \ldots, p_m$ are non-faulty, where
$m \ge n - f$, and the remaining $n - m$ processes are faulty. In the proof, we will often omit the
round index $[t]$ in $B_i[t]$, since the index should be clear from the context. In this proof, we consider
the steps taken by the non-faulty processes in their respective $t$-th rounds, where $t > 0$. We now
define a valid point. The definition is used later in the proof.

Definition 1 A point $\mathbf{r}$ is said to be valid if there exists a representation of $\mathbf{r}$ as a convex
combination of $\mathbf{v}_k[t - 1]$, $1 \le k \le m$. That is, there exist constants $\beta_k$, such that $0 \le \beta_k \le 1$ and
$\sum_{1 \le k \le m} \beta_k = 1$, and

$$\mathbf{r} = \sum_{1 \le k \le m} \beta_k \mathbf{v}_k[t - 1] \tag{10}$$

$\beta_k$ is said to be the weight of $\mathbf{v}_k[t - 1]$ in the above convex combination.

In general, there may exist multiple such convex combination representations of a valid point $\mathbf{r}$.
Observe that at least one of the weights in any such convex combination must be $\ge \frac{1}{m} \ge \frac{1}{n}$.

For the convenience of the readers, we break up the rest of this proof into three parts.



Part I: At a non-faulty process $p_i$, consider any $C \subseteq B_i$ such that $|C| = n - f$ (as in Step 2 of
the algorithm). Since $|\Phi(C)| = |C| = n - f \ge (d + 1)f + 1$, by Lemma 1, $\Gamma(\Phi(C)) \ne \emptyset$. So $Z_i$ will
contain a point from $\Gamma(\Phi(C))$ for each C.

Now, $C \subseteq B_i$, $|\Phi(C)| = n - f$, and there are at most f faulty processes. Then Property 3 of
$B_i$ implies that at least one $(n - 2f)$-size subset of $\Phi(C)$ must also be a subset of
$\{\mathbf{v}_1[t - 1], \mathbf{v}_2[t - 1], \ldots, \mathbf{v}_m[t - 1]\}$, i.e., contain only the state of non-faulty processes. Therefore, all the points
in $\Gamma(\Phi(C))$ must be valid (due to (1) and Definition 1). This observation is true for each set C
enumerated in Step 2. Therefore, all the points in $Z_i$ computed in Step 2 must be valid. (Recall
that we assume processes $p_1, \ldots, p_m$ are non-faulty.)
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Part II: Consider any two non-faulty processes pi and pj. 



Observation 1: As argued in Part I, all the points in Zi are valid. Therefore, all the points 
in Zi can be expressed as convex combinations of the state of non- faulty processes, i.e., 
{v\[t — 1], • • • , v m [t — 1]}. Similar observation holds for all the points in Zj too. 

Observation 2: By Property 1 of $B_i$ and $B_j$,²

$$|B_i \cap B_j| \ge n - f.$$

Therefore, there exists a set $C_{ij} \subseteq B_i \cap B_j$ such that $|C_{ij}| = n - f$. Therefore, $Z_i$ and $Z_j$ both contain one identical point from $\Gamma(\Phi(C_{ij}))$. Suppose that this point is named $z_{ij}$. As shown in Part I above, $z_{ij}$ must be valid. Therefore, there exists a convex combination representation of $z_{ij}$ in terms of the states $\{v_1[t-1], v_2[t-1], \dots, v_m[t-1]\}$ of non-faulty processes. Choose any one such convex combination. There must exist a non-faulty process, say $p_{g(i,j)}$, such that the weight associated with $v_{g(i,j)}[t-1]$ in the convex combination for $z_{ij}$ is > ^ > i. We can now make the next observation.³

Observation 3: Recall from ^ that $v_i[t]$ is computed as the average of the points in $Z_i$, and $|Z_i| = \binom{|B_i|}{n-f} \le \binom{n}{n-f}$. By Observation 1, all the points in $Z_i$ are valid, and by Observation 2, $z_{ij} \in Z_i$. These observations together imply that $v_i[t]$ is also valid, and there exists a representation of $v_i[t]$ as a convex combination of $\{v_1[t-1], \dots, v_m[t-1]\}$, wherein the weight of $v_{g(i,j)}[t-1]$ is > ^g.^ > ' Similarly, we can show that there exists a representation of $v_j[t]$ as a convex combination of $\{v_1[t-1], \dots, v_m[t-1]\}$, wherein the weight of $v_{g(i,j)}[t-1]$ is $\ge \frac{1}{n\binom{n}{n-f}}$. Define

$$\gamma = \frac{1}{n\binom{n}{n-f}} \tag{11}$$

Consensus is trivial for $n = 1$, so we consider finite $n > 1$. Therefore, $0 < \gamma < 1$.



Part III: Observation 3 above implies that for any $r > 0$, $v_i[r]$ is a convex combination of $\{v_1[r-1], \dots, v_m[r-1]\}$. Applying this observation for $r = 1, 2, \dots, t$, we can conclude that $v_i[t]$ is a convex combination of $\{v_1[0], \dots, v_m[0]\}$, implying that the proposed algorithm satisfies the validity condition for approximate consensus. (Recall that $v_k[0]$ equals process $p_k$'s input vector.)

Let $v_{il}[t]$ denote the $l$-th element of the vector state $v_i[t]$ of process $p_i$. Define $\Omega_l[t] = \max_{1 \le k \le m} v_{kl}[t]$, the maximum value of $l$-th element of the vector state of non-faulty processes. Define $\mu_l[t] = \min_{1 \le k \le m} v_{kl}[t]$, the minimum value of $l$-th element of the vector state of non-faulty processes. Appendix E proves, using Observations 1 and 3 above, that

$$\Omega_l[t] - \mu_l[t] \le (1-\gamma)\,(\Omega_l[t-1] - \mu_l[t-1]), \quad \text{for } 1 \le l \le d \tag{12}$$

By repeated application of (12) we get

$$\Omega_l[t] - \mu_l[t] \le (1-\gamma)^t\,(\Omega_l[0] - \mu_l[0]) \tag{13}$$

² As noted earlier, we omit the round index $[t]$ when discussing the sets $B_i[t]$ and $B_j[t]$ here.

³ Note that, to simplify the notation somewhat, the notation $g(i,j)$ does not make the round index $t$ explicit. However, it should be noted that $g(i,j)$ for processes $p_i$ and $p_j$ can be different in different rounds.

Therefore, for a given $\epsilon > 0$, if

$$t > \log_{1/(1-\gamma)} \frac{\Omega_l[0] - \mu_l[0]}{\epsilon} \tag{14}$$

then

$$\Omega_l[t] - \mu_l[t] < \epsilon. \tag{15}$$

Since (14) and (15) hold for $1 \le l \le d$, and $U \ge \Omega_l[0]$ and $\nu \le \mu_l[0]$ for $1 \le l \le d$, if each non-faulty process terminates after $1 + \left\lceil \log_{1/(1-\gamma)} \frac{U - \nu}{\epsilon} \right\rceil$ rounds, $\epsilon$-agreement is ensured. As shown previously, validity condition is satisfied as well. Thus, the proposed algorithm is correct, and $n \ge (d+2)f + 1$ is sufficient for approximate consensus in asynchronous systems. □



4 Simpler Approximate BVC Algorithms with Restricted Round Structure

The proposed approximate BVC algorithm relies on Component #1 of AAD for exchange of state information among the processes. The communication pattern of AAD requires three message delays in each round (i.e., a causal chain of three messages per round), to ensure strong properties for sets $B_i[t]$, as summarized in Section 3.2. In this section, we consider simpler (restricted) round structure that reduces the communication delay, and the number of messages, per round. The price of the reduction in message cost / delay is an increase in the number of processes necessary to achieve approximate BVC, as seen below.

We consider a restricted round structure for achieving approximate consensus in synchronous and asynchronous settings both. In both settings, each process $p_i$ maintains state $v_i[t]$, as in the case of the algorithm in Section 3.2. $v_i[0]$ is initialized to the input vector at process $p_i$.



Synchronous approximate BVC: The restricted algorithm structure for a synchronous system is as follows. The algorithm executes in synchronous rounds, and each process $p_i$ performs the following steps in the $t$-th round, $t > 0$.

1. Transmit current vector state, $v_i[t-1]$, to all the processes. Receive vector state from all the processes. If a message is not received from some process, then its vector state is assumed to have some default value (e.g., the all-0 vector).

2. Compute new state $v_i[t]$ as a function of $v_i[t-1]$ and the vectors received from the other processes in the above step.

Asynchronous approximate BVC: The restricted structure of the asynchronous rounds in the asynchronous setting is similar to that in [jjj. The messages in this case are tagged by the round index, as in Section 3.2. Each process $p_i$ performs the following steps in its $t$-th round, $t > 0$:

1. Transmit current state $v_i[t-1]$ to all the processes. These messages are tagged by round index $t$.

   Wait until a message tagged by round index $t$ is received from $(n - f - 1)$ other processes.

2. Compute new state $v_i[t]$ as a function of $v_i[t-1]$, and the $(n - f - 1)$ other vectors collected in the previous step (for a total of $n - f$ vectors).



For algorithms with the above round structures, the following results can be proved; the proofs are similar to those in Section 3.

Theorem 6 For the restricted synchronous and asynchronous round structures presented above in Section 4, the following conditions are necessary and sufficient:

• Synchronous case: $n \ge (d+2)f + 1$

• Asynchronous case: $n \ge (d+4)f + 1$

To avoid repeating the ideas used in Section 3, we do not present complete formal proofs here. We can prove sufficiency constructively. The restricted round structures above already specify the Step 1 of each round. We can use Step 2 analogous to that of the algorithm in Section 3.2, with $B_i[t]$ being redefined as the set of vectors received by process $p_i$ in Step 1 of the restricted structure.

• In the synchronous setting, $n \ge (d+2)f + 1$ is necessary. With $n \ge (d+2)f + 1$, observe that any two non-faulty processes $p_i$ and $p_j$ will receive identical vectors from $n - f \ge (d+1)f + 1$ non-faulty processes. Thus, $B_i[t] \cap B_j[t]$ contains at least $(d+1)f + 1$ identical vectors.

• In the asynchronous setting, $n \ge (d+4)f + 1$ is necessary. With $n \ge (d+4)f + 1$, each non-faulty process will have, in Step 2, vectors from at least $n - f$ processes (including itself). Thus, any two fault-free processes will have, in Step 2, vectors from at least $n - 2f$ identical processes, of which at most $f$ may be faulty. Thus, $B_i[t] \cap B_j[t]$ contains at least $n - 3f$ identical vectors (corresponding to the state of $n - 3f$ non-faulty processes). Note that $n - 3f \ge (d+1)f + 1$.



The proof of correctness of the algorithm in Section 3.2 relies crucially on the property that

As discussed above, when the number of nodes satisfies the constraints in Theorem 6, this property holds for the restricted round structures too. The rest of the proof of correctness of the restricted algorithms is then similar to the proof of Theorem 4. Thus, the above synchronous and asynchronous algorithms can achieve approximate BVC.



5 Summary 

This paper addresses Byzantine vector consensus (BVC) wherein the input at each process, and 
its decision, is a d-dimensional vector. We derive tight necessary and sufficient bounds on the 
number of processes required for Exact BVC in synchronous systems, and Approximate BVC in 
asynchronous systems. 

In Section 4, we derive bounds on the number of processes required for algorithms with restricted round structures to achieve approximate consensus in synchronous as well as asynchronous systems.

Appendix

A Notations 



This appendix summarizes some of the notations and terminology introduced in the paper.

$n$ = number of processes.

$V = \{p_1, p_2, \dots, p_n\}$ is the set of processes in the system.

$f$ = maximum number of Byzantine faulty processes.

$d$ = dimension of the input vector as well as decision vector at each process.

$x_i$ = $d$-dimensional input vector at process $p_i$. The vector is equivalently viewed as a point in the Euclidean space $\mathbb{R}^d$.

$H(Y)$ denotes the convex hull of the points in multiset $Y$.

$m$: The proof of Theorem 5 assumes, without loss of generality, that for some $m \ge n - f$, processes $p_1, \dots, p_m$ are non-faulty, and the remaining $n - m$ processes are faulty.

$\Gamma(.)$ is defined in ([!]).

$\Phi(.)$ is defined in Q.

$v_i[t]$ is the state of process $p_i$ at the end of its $t$-th round of the asynchronous BVC algorithm, $t > 0$. Thus, $v_i[t-1]$ is the state of process $p_i$ at the start of its $t$-th round, $t > 0$. $v_i[0]$ for process $p_i$ equals its input $x_i$.

$v_{il}[t]$ is the $l$-th element of $v_i[t]$, where $1 \le l \le d$.

$B_i[t]$, defined in Section 3.2, is a set of tuples of the form $(p_j, w_j, t)$, obtained by process $p_i$ in Step 1 of the approximate consensus algorithm.

Weight in a convex combination is defined in Definition 1.

$\gamma = \frac{1}{n\binom{n}{n-f}}$, as defined in (11). Note that $0 < \gamma < 1$ for finite $n > 1$.

$\Omega_l[t] = \max_{1 \le k \le m} v_{kl}[t]$

$\mu_l[t] = \min_{1 \le k \le m} v_{kl}[t]$

$\rho_l[t] = \Omega_l[t] - \mu_l[t]$

$|Y|$ denotes the size of a multiset $Y$.

$\|a\|$ is the absolute value of a real number $a$.

B Multisets and Multiset Partition



Multiset is a generalization on the notion of a set. While the members in a set must be distinct, a multiset may contain the same member multiple times.

Notions of a subset of a multiset and a partition of a multiset have natural definitions. For completeness, we present the definitions here.

Suppose that $Y$ is a multiset. $Y$ contains $|Y|$ members. Denote the members in $Y$ as $y_i$, $1 \le i \le |Y|$. Thus, $Y = \{y_1, y_2, \dots, y_{|Y|}\}$. Define set $N_Y = \{1, 2, \dots, |Y|\}$. Thus, $N_Y$ contains integers from 1 to $|Y|$. Since $Y$ is a multiset, it is possible that $y_i = y_j$ for some $i \ne j$.

$Z$ is a subset of $Y$ provided that there exists a set $N_Z \subseteq N_Y$ such that

$$Z = \{\, y_i : i \in N_Z \,\}$$

Subsets $Y_1, Y_2, \dots, Y_b$ of multiset $Y$ form a partition of $Y$ provided that there exists a partition $N_1, N_2, \dots, N_b$ of set $N_Y$ such that

$$Y_j = \{\, y_i : i \in N_j \,\}, \quad 1 \le j \le b$$



C Clarification for the Proof of Theorem 1

In the proof of Theorem 1, when considering the case of $f = 1$, we claimed the following:

Since none of the non-faulty processes know which process, if any, is faulty, as elaborated in Appendix C, the decision vector must be in the convex hull of each multiset containing the input vectors of $n - 1$ of the processes (there are $n$ such multisets). Thus, this intersection must be non-empty, for all possible input vectors at the $n$ processes.

Now we provide an explanation for the above claim.

Suppose that the input at process $p_i$ is $x_i$, $1 \le i \le n$. All the processes are non-faulty, but the processes do not know this fact. The decision vector chosen by the processes must satisfy the agreement and validity conditions both.

• With $f = 1$, any one process may potentially be faulty. In particular, process $p_i$ ($1 \le i \le n$) may possibly be faulty. Therefore, the input $x_i$ of process $p_i$ cannot be trusted by other processes. Then to ensure validity, the decision vector chosen by any other process $p_j$ ($j \ne i$) must be in the convex hull of the inputs at the processes in $V - \{p_i\}$ (i.e., all processes except $p_i$). Thus, the decision vector of process $p_j$ ($j \ne i$) must be in the convex hull of the points in multiset $X^i$ below.

$$X^i = \{\, x_k : k \ne i,\ 1 \le k \le n \,\}.$$

• To ensure agreement, the decision vector chosen by all the processes must be identical. Therefore, the decision vector must be in the intersection of the convex hulls of all the multisets $X^i$ ($1 \le i \le n$) defined above. Thus, we conclude that the decision vector must be in the intersection below, where $H(X^i)$ denotes the convex hull of the points in multiset $X^i$, and $Q_i$ denotes $H(X^i)$.

$$\bigcap_{i=1}^{n} H(X^i) = \bigcap_{i=1}^{n} Q_i \tag{16}$$

Figure 1: Illustration of a Tverberg partition.

Acknowledgment: The above example is inspired by an illustration authored by David Eppstein, which is available in the public domain from Wikipedia Commons.

If the intersection in (16) is empty, then there is no decision vector that satisfies validity and agreement conditions both. Therefore, the intersection must be non-empty.

As shown in the proof of Theorem 1, if $n$ is not large enough, then the intersection in (16) may be empty.



D Tverberg Partition 

Figure 1 illustrates a Tverberg partition of a set of 7 vertices in 2-dimensions. The 7 vertices are at the corners of a heptagon. Thus, $n = 7$ here, and $d = 2$. Let $f = 2$. Then, $n = (d+1)f + 1$, and Tverberg's Theorem [2] implies the presence of a Tverberg partition consisting of $f + 1 = 3$ subsets. Figure 1 shows the convex hulls of the three subsets in the Tverberg partition: one convex hull is a triangle, and the other two convex hulls are each a line segment. In this example, the three convex hulls intersect in exactly one point. Thus, there is just one Tverberg point. In general, there can be multiple Tverberg points.
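The configuration described in this appendix can be reproduced numerically. The Python sketch below is an added example, not code from the paper: it assumes a regular heptagon on the unit circle (the paper gives no coordinates), and all function names are hypothetical. It enumerates every split of the 7 vertices into a triangle and two segments and keeps the splits whose three convex hulls share a point.

```python
import math
from itertools import combinations

def regular_polygon(n=7):
    """Vertices p_0..p_{n-1} of a regular n-gon on the unit circle (assumed geometry)."""
    return [(math.cos(2 * math.pi * k / n), math.sin(2 * math.pi * k / n))
            for k in range(n)]

def cross(o, a, b):
    """z-component of (a - o) x (b - o); its sign says which side of line oa b is on."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def segment_crossing(p, q, r, s):
    """Point where segments pq and rs properly cross, or None if they do not."""
    d1, d2 = cross(p, q, r), cross(p, q, s)
    d3, d4 = cross(r, s, p), cross(r, s, q)
    if d1 * d2 >= 0 or d3 * d4 >= 0:
        return None
    t = d3 / (d3 - d4)  # cross(r, s, .) is affine along pq and vanishes at t
    return (p[0] + t * (q[0] - p[0]), p[1] + t * (q[1] - p[1]))

def in_triangle(pt, a, b, c, eps=1e-12):
    """True if pt lies in the closed triangle abc (either vertex orientation)."""
    s = (cross(a, b, pt), cross(b, c, pt), cross(c, a, pt))
    return min(s) >= -eps or max(s) <= eps

def tverberg_partitions(points):
    """Partitions of 7 points in convex position into f + 1 = 3 subsets whose
    convex hulls share a point. No subset can be a single vertex (a vertex of a
    convex polygon is outside the hull of the others), so sizes are 3, 2, 2."""
    assert len(points) == 7
    found = []
    for tri in combinations(range(7), 3):
        rest = [i for i in range(7) if i not in tri]
        for partner in rest[1:]:          # 3 ways to split 4 indices into 2 pairs
            seg_a = (rest[0], partner)
            seg_b = tuple(i for i in rest if i not in seg_a)
            x = segment_crossing(points[seg_a[0]], points[seg_a[1]],
                                 points[seg_b[0]], points[seg_b[1]])
            if x is not None and in_triangle(x, *(points[i] for i in tri)):
                found.append((tri, seg_a, seg_b, x))  # x is the Tverberg point
    return found

if __name__ == "__main__":
    for tri, seg_a, seg_b, x in tverberg_partitions(regular_polygon()):
        print(tri, seg_a, seg_b, "Tverberg point (%.4f, %.4f)" % x)
```

On the assumed regular heptagon, one reported partition is the triangle on vertices 2, 5, 6 with segments 0-3 and 1-4; because two crossing segments meet in a single point, each such partition has exactly one Tverberg point.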



E Proof of (12) 



$v_{il}[t]$ denotes the $l$-th element of the vector state $v_i[t]$ of process $p_i$, $1 \le l \le d$. Processes $p_1, \dots, p_m$ are non-faulty, and processes $p_{m+1}, \dots, p_n$ are faulty, where $m \ge n - f$. Recall that, for $1 \le l \le d$,

$$\Omega_l[t] = \max_{1 \le k \le m} v_{kl}[t], \quad \text{maximum value of } l\text{-th elements at non-faulty processes} \tag{17}$$

$$\mu_l[t] = \min_{1 \le k \le m} v_{kl}[t], \quad \text{minimum value of } l\text{-th elements at non-faulty processes} \tag{18}$$

Define

$$\rho_l[t] = \Omega_l[t] - \mu_l[t] \tag{19}$$

Equivalently,

$$\rho_l[t] = \max_{1 \le i,j \le m} \| v_{il}[t] - v_{jl}[t] \| \tag{20}$$

where $\|\cdot\|$ operator yields the absolute value of the scalar parameter.

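Consider any two non-faulty processes $p_i, p_j$ (thus, $1 \le i,j \le m$). Consider $1 \le l \le d$. Then

$$\mu_l[t-1] \le v_{il}[t-1] \le \Omega_l[t-1] \tag{22}$$

$$\mu_l[t-1] \le v_{jl}[t-1] \le \Omega_l[t-1] \tag{23}$$

Observations 1 and 3 in Part III of the proof of Theorem 5, and the definition of $\gamma$, imply the existence of constants $\alpha_k$'s and $\beta_k$'s such that:

$$v_i[t] = \sum_{k=1}^{m} \alpha_k v_k[t-1] \quad \text{where} \tag{24}$$

$$\alpha_k \ge 0 \text{ for } 1 \le k \le m, \text{ and } \sum_{k=1}^{m} \alpha_k = 1 \tag{25}$$

$$\alpha_{g(i,j)} \ge \gamma \tag{26}$$

$$v_j[t] = \sum_{k=1}^{m} \beta_k v_k[t-1] \quad \text{where} \tag{27}$$

$$\beta_k \ge 0 \text{ for } 1 \le k \le m, \text{ and } \sum_{k=1}^{m} \beta_k = 1 \tag{28}$$

$$\beta_{g(i,j)} \ge \gamma \tag{29}$$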

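In the following, let us abbreviate $g(i,j)$ simply as $g$. Thus, $\alpha_{g(i,j)}$ is same as $\alpha_g$, and $\beta_{g(i,j)}$ is same as $\beta_g$. From (24) and (27), focussing on just the operations on $l$-th elements, we obtain

$$
\begin{aligned}
v_{il}[t] &= \sum_{k=1}^{m} \alpha_k v_{kl}[t-1] \\
&\le \alpha_g v_{gl}[t-1] + (1-\alpha_g)\,\Omega_l[t-1] && \text{because } v_{kl}[t-1] \le \Omega_l[t-1],\ \forall k \\
&\le \gamma v_{gl}[t-1] + (\alpha_g-\gamma)\,v_{gl}[t-1] + (1-\alpha_g)\,\Omega_l[t-1] \\
&\le \gamma v_{gl}[t-1] + (\alpha_g-\gamma)\,\Omega_l[t-1] + (1-\alpha_g)\,\Omega_l[t-1] && \text{because } v_{gl}[t-1] \le \Omega_l[t-1] \text{ and } \alpha_g \ge \gamma \\
&\le \gamma v_{gl}[t-1] + (1-\gamma)\,\Omega_l[t-1]
\end{aligned}
\tag{30}
$$

$$
\begin{aligned}
v_{jl}[t] &= \sum_{k=1}^{m} \beta_k v_{kl}[t-1] \\
&\ge \beta_g v_{gl}[t-1] + (1-\beta_g)\,\mu_l[t-1] && \text{because } v_{kl}[t-1] \ge \mu_l[t-1],\ \forall k \\
&\ge \gamma v_{gl}[t-1] + (\beta_g-\gamma)\,v_{gl}[t-1] + (1-\beta_g)\,\mu_l[t-1] \\
&\ge \gamma v_{gl}[t-1] + (\beta_g-\gamma)\,\mu_l[t-1] + (1-\beta_g)\,\mu_l[t-1] && \text{because } v_{gl}[t-1] \ge \mu_l[t-1], \text{ and } \beta_g \ge \gamma \\
&\ge \gamma v_{gl}[t-1] + (1-\gamma)\,\mu_l[t-1]
\end{aligned}
\tag{31}
$$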



$$v_{il}[t] - v_{jl}[t] \le (1-\gamma)\,(\Omega_l[t-1] - \mu_l[t-1]) \quad \text{subtracting (31) from (30)} \tag{32}$$

By swapping the role of $p_i$ and $p_j$ above, we can also show that

$$v_{jl}[t] - v_{il}[t] \le (1-\gamma)\,(\Omega_l[t-1] - \mu_l[t-1]) \tag{33}$$

Putting (32) and (33) together, we obtain

$$
\begin{aligned}
\| v_{il}[t] - v_{jl}[t] \| &\le (1-\gamma)\,(\Omega_l[t-1] - \mu_l[t-1]) && \text{because } \Omega_l[t-1] \ge \mu_l[t-1] \\
&\le (1-\gamma)\,\rho_l[t-1] && \text{by the definition of } \rho_l[t-1]
\end{aligned}
\tag{34}
$$

$$\max_{1 \le i,j \le m} \| v_{il}[t] - v_{jl}[t] \| \le (1-\gamma)\,\rho_l[t-1] \tag{35}$$

because the previous inequality holds for all $1 \le i,j \le m$

$$\rho_l[t] \le (1-\gamma)\,\rho_l[t-1] \quad \text{by©} \tag{36}$$

$$\Omega_l[t] - \mu_l[t] \le (1-\gamma)\,(\Omega_l[t-1] - \mu_l[t-1]) \quad \text{by definition of } \rho_l[t]$$

This proves (12).



F Optimization of Step 2 of Asynchronous BVC 



Property 1 of Component #1 of AAD described in Section 3.2 is a consequence of a stronger property satisfied by the AAD algorithm.

In AAD, each process $p_k$ sends out notifications to others each time it adds a new tuple to its $B_k[t]$; the notifications are sent over the FIFO links. AAD defines a process $p_k$ to be a "witness" for process $p_i$ provided that (i) $p_k$ is known to have added at least $n - f$ tuples to $B_k[t]$, and (ii) all the tuples that $p_k$ claims to have added to $B_k[t]$ are also in $B_i[t]$.

AAD also ensures that each non-faulty process has at least $n - f$ witnesses, ensuring that any two non-faulty processes have at least $n - 2f$ witnesses in common, where $n - 2f \ge f + 1$. Thus, any two non-faulty processes $p_i$ and $p_j$ have at least one non-faulty witness in common, say $p_k$. This, in turn, ensures (due to the manner in which the advertisements above are sent) that $B_i[t] \cap B_j[t]$ contains at least the first $n - f$ tuples advertised by $p_k$.

Each process can keep track of the order in which the tuples advertised by each process are received. Then, in Step 2 of the asynchronous approximate BVC algorithm, instead of enumerating all the $(n - f)$-size subsets $C$ of $B_i[t]$, it suffices to only consider those subsets of $B_i[t]$ that correspond to the first $n - f$ tuples advertised by each witness of $p_i$. Since there can be no more than $n$ witnesses, at most $n$ sets $C$ need to be considered. Thus, in this case $|Z_i| \le n$.

Since each pair of non-faulty processes $p_i$ and $p_j$ shares a non-faulty witness, despite considering only $\le n$ subsets in Step 2, $Z_i$ and $Z_j$ computed by $p_i$ and $p_j$ contain at least one identical point, say, $z_{ij}$. Our proof of correctness of the algorithm relied on the existence of such a point.

It should now be easy to see that the rest of the proof of correctness will remain the same, with $\gamma$ being re-defined as

$$\gamma = \frac{1}{n^2}.$$